[Date Prev][Date Next] [Chronological] [Thread] [Top]

Help: usage of ldap_start_tls_s

To: <openldap-software@OpenLDAP.org>
Subject: Help: usage of ldap_start_tls_s
From: Giuseppe Lo Biondo <Giuseppe.LoBiondo@mi.infn.it>
Date: Thu, 2 Nov 2000 17:11:05 +0100 (CET)
In-reply-to: <3A015E9F.DFEF595A@envilogg.se>


Hi!

I'm trying to write an application that uses
ldap_start_tls_s. The code is taken form ldapsearch.c


version=LDAP_VERSION3;
  if( ldap_set_option( ld, LDAP_OPT_PROTOCOL_VERSION, &version )
                != LDAP_OPT_SUCCESS )
        {
                fprintf( stderr, "Could not set LDAP_OPT_PROTOCOL_VERSION  %d\n",
                       version );
                exit (EXIT_FAILURE);
        }
ldap_perror(ld, "ldap_set_option");
 if ( use_tls && ldap_start_tls_s( ld, NULL, NULL ) != LDAP_SUCCESS ) {

                ldap_perror( ld, "ldap_start_tls" );
                fprintf( stderr, "WARNING: could not start TLS\n" );

        }


And this causes the client to crash.

This is the server log

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
....
TLS trace: SSL_accept:failed in SSLv3 read client certificate A
TLS: can't accept.

This is true since I haven't a client certificate (and I dont' want to
use one certificate)


ldapsearch produces this log and works.


server

TLS trace: SSL_accept:before/accept initialization
TLS trace: SSL_accept:SSLv3 read client hello A
TLS trace: SSL_accept:SSLv3 write server hello A
TLS trace: SSL_accept:SSLv3 write certificate A
TLS trace: SSL_accept:SSLv3 write server done A
TLS trace: SSL_accept:SSLv3 flush data
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:error in SSLv3 read client certificate A
TLS trace: SSL_accept:SSLv3 read client key exchange A
TLS trace: SSL_accept:SSLv3 read finished A
TLS trace: SSL_accept:SSLv3 write change cipher spec A
TLS trace: SSL_accept:SSLv3 write finished A
TLS trace: SSL_accept:SSLv3 flush data

client

TLS trace: SSL_connect:before/connect initialization
TLS trace: SSL_connect:SSLv2/v3 write client hello A
TLS trace: SSL_connect:SSLv3 read server hello A
TLS certificate verification: depth: 0, subject:
/C=IT/ST=Italy/L=Milan/O=prof, issuer: /C=IT/ST=Italy/L=Milan/O=profca
TLS trace: SSL_connect:SSLv3 read server certificate A
TLS trace: SSL_connect:SSLv3 read server done A
TLS trace: SSL_connect:SSLv3 write client key exchange A
TLS trace: SSL_connect:SSLv3 write change cipher spec A
TLS trace: SSL_connect:SSLv3 write finished A
TLS trace: SSL_connect:SSLv3 flush data
TLS trace: SSL_connect:SSLv3 read finished A

Does anyone know where do I go wrong?

Thanks
Giuseppe

References:
- Re: NT port of slapd running as an NT service?
  - From: Mikael Grehn <mikael@envilogg.se>

Prev by Date: Re: NT port of slapd running as an NT service?
Next by Date: Problem doing BIND with uid
Index(es):
- Chronological
- Thread